Bug 2280037 (CVE-2024-29157, CVE-2024-29158, CVE-2024-29159, CVE-2024-29160, CVE-2024-29161, CVE-2024-29162, CVE-2024-29163, CVE-2024-29164, CVE-2024-29165, CVE-2024-29166, CVE-2024-32605, CVE-2024-32606, CVE-2024-32607, CVE-2024-32608, CVE-2024-32609, CVE-2024-32610, CVE-2024-32611, CVE-2024-32612, CVE-2024-32613, CVE-2024-32614, CVE-2024-32615, CVE-2024-32616, CVE-2024-32617, CVE-2024-32618, CVE-2024-32619, CVE-2024-32620, CVE-2024-32621, CVE-2024-32622, CVE-2024-32623, CVE-2024-32624, CVE-2024-33873, CVE-2024-33874, CVE-2024-33875, CVE-2024-33876, CVE-2024-33877) - hdf5: multiple CVEs
Summary: hdf5: multiple CVEs
Keywords:
Status: NEW
Alias: CVE-2024-29157, CVE-2024-29158, CVE-2024-29159, CVE-2024-29160, CVE-2024-29161, CVE-2024-29162, CVE-2024-29163, CVE-2024-29164, CVE-2024-29165, CVE-2024-29166, CVE-2024-32605, CVE-2024-32606, CVE-2024-32607, CVE-2024-32608, CVE-2024-32609, CVE-2024-32610, CVE-2024-32611, CVE-2024-32612, CVE-2024-32613, CVE-2024-32614, CVE-2024-32615, CVE-2024-32616, CVE-2024-32617, CVE-2024-32618, CVE-2024-32619, CVE-2024-32620, CVE-2024-32621, CVE-2024-32622, CVE-2024-32623, CVE-2024-32624, CVE-2024-33873, CVE-2024-33874, CVE-2024-33875, CVE-2024-33876, CVE-2024-33877
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2280039 2280040 2280041 2280042 2280038
Blocks:
Reported: 2024-05-10 19:56 UTC by Zack Miele
Modified: 2024-06-20 13:29 UTC

Fixed In Version: hdf5 1.14.4
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Zack Miele 2024-05-10 19:56:59 UTC
The following 35 vulnerabilities were published for hdf5:
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

CVE-2024-33877
| HDF5 Library through 1.14.3 has a heap-based buffer overflow in
| H5T__conv_struct_opt in H5Tconv.c.

CVE-2024-33876
| HDF5 Library through 1.14.3 has a heap buffer overflow in
| H5S__point_deserialize in H5Spoint.c.

CVE-2024-33875
| HDF5 Library through 1.14.3 has a heap-based buffer overflow in
| H5O__layout_encode in H5Olayout.c, resulting in the corruption of
| the instruction pointer.

CVE-2024-33874
| HDF5 Library through 1.14.3 has a heap buffer overflow in
| H5O__mtime_new_encode in H5Omtime.c.

CVE-2024-33873
| HDF5 Library through 1.14.3 has a heap-based buffer overflow in
| H5D__scatter_mem in H5Dscatgath.c.

CVE-2024-32624
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in
| H5Tconv.c), resulting in the corruption of the instruction pointer.

CVE-2024-32623
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5VM_array_fill in H5VM.c (called from H5S_select_elements in
| H5Spoint.c).

CVE-2024-32622
| HDF5 Library through 1.14.3 contains an out-of-bounds read operation
| in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in
| H5S.c).

CVE-2024-32621
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5HG_read in H5HG.c (called from H5VL__native_blob_get in
| H5VLnative_blob.c), resulting in the corruption of the instruction
| pointer.

CVE-2024-32620
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read
| in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of
| the instruction pointer.

CVE-2024-32619
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5T_copy_reopen in H5T.c, resulting in the corruption of the
| instruction pointer.

CVE-2024-32618
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5T__get_native_type in H5Tnative.c, resulting in the corruption of
| the instruction pointer.

CVE-2024-32617
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read
| caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called
| from H5G__ent_to_link in H5Glink.c).

CVE-2024-32616
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read
| in H5O__dtype_encode_helper in H5Odtype.c.

CVE-2024-32615
| HDF5 Library through 1.14.3 contains a heap-based buffer overflow in
| H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier
| use of an initialized pointer.

CVE-2024-32614
| HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.

CVE-2024-32613
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read
| in the function H5HL__fl_deserialize in H5HLcache.c, a different
| vulnerability than CVE-2024-32612.

CVE-2024-32612
| HDF5 Library through 1.14.3 contains a heap-based buffer over-read
| in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption
| of the instruction pointer, a different vulnerability than
| CVE-2024-32613.

CVE-2024-32611
| HDF5 Library through 1.14.3 may use an uninitialized value in
| H5A__attr_release_table in H5Aint.c.

CVE-2024-32610
| HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c,
| resulting in a corrupted instruction pointer.

CVE-2024-32609
| HDF5 Library through 1.14.3 allows stack consumption in the function
| H5E_printf_stack in H5Eint.c.

CVE-2024-32608
| HDF5 library versions <=1.14.3 contain a memory corruption in 
| H5A__close resulting in the corruption of the instruction pointer 
| and causing denial of service or potential code execution.

CVE-2024-32607
| HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c,
| resulting in the corruption of the instruction pointer.

CVE-2024-32606
| HDF5 Library through 1.14.3 may attempt to dereference uninitialized
| values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from
| h5tools_dump_simple_data in tools/lib/h5tools_dump.c).

CVE-2024-32605
| HDF5 Library through 1.14.3 has a heap-based buffer over-read in
| H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in
| H5Dcompact.c).

CVE-2024-29166
| HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode,
| resulting in the corruption of the instruction pointer and causing
| denial of service or potential code execution.

CVE-2024-29165
| HDF5 through 1.14.3 contains a buffer overflow in
| H5Z__filter_fletcher32, resulting in the corruption of the
| instruction pointer and causing denial of service or potential code
| execution.

CVE-2024-29164
| HDF5 through 1.14.3 contains a stack buffer overflow in
| H5R__decode_heap, resulting in the corruption of the instruction
| pointer and causing denial of service or potential code execution.

CVE-2024-29163
| HDF5 through 1.14.3 contains a heap buffer overflow in
| H5T__bit_find, resulting in the corruption of the instruction
| pointer and causing denial of service or potential code execution.

CVE-2024-29162
| HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow
| in H5HG_read, resulting in denial of service or potential code
| execution.

CVE-2024-29161
| HDF5 through 1.14.3 contains a heap buffer overflow in
| H5A__attr_release_table, resulting in the corruption of the
| instruction pointer and causing denial of service or potential code
| execution.

CVE-2024-29160
| HDF5 through 1.14.3 contains a heap buffer overflow in
| H5HG__cache_heap_deserialize, resulting in the corruption of the
| instruction pointer and causing denial of service or potential code
| execution.

CVE-2024-29159
| HDF5 through 1.14.3 contains a buffer overflow in
| H5Z__filter_scaleoffset, resulting in the corruption of the
| instruction pointer and causing denial of service or potential code
| execution.

CVE-2024-29158
| HDF5 through 1.14.3 contains a stack buffer overflow in
| H5FL_arr_malloc, resulting in the corruption of the instruction
| pointer and causing denial of service or potential code execution.

CVE-2024-29157
| HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read,
| resulting in the corruption of the instruction pointer and causing
| denial of service or potential code execution.

Comment 1 Zack Miele 2024-05-10 19:59:17 UTC
Created hdf5 tracking bugs for this issue:

Affects: epel-7 [bug 2280039]
Affects: epel-8 [bug 2280040]
Affects: fedora-38 [bug 2280038]
Affects: fedora-39 [bug 2280041]
Affects: fedora-40 [bug 2280042]

Comment 2 Salvatore Bonaccorso 2024-05-17 05:41:29 UTC
Hi

The list of CVEs in the Bugzilla Alias and the Subject does not seem to contain all the valid CVEs, or for instance such which are not listed on hdf5 release page, I assume they are typos? E.g. CVE-2024-326052.

Can you have a look and if so adjust the metadata?

Comment 3 Zack Miele 2024-05-17 12:31:47 UTC
In reply to comment #2:
> Hi
> 
> The list of CVEs in the Bugzilla Alias and the Subject does not seem to
> contain all the valid CVEs, or for instance such which are not listed on
> hdf5 release page, I assume they are typos? E.g. CVE-2024-326052.
> 
> Can you have a look and if so adjust the metadata?

Didn't catch that while creating this, thanks for pointing that out. Should be unmangled now and have the correct CVEs. Although the subject may be truncated.

I can certainly break these out if this still causes some issues, but I had hoped this would be a bit easier for folks to consume in one place.

